FIFO instead of NIC

[Tiaan Wessels <tiaanwessels () gmail com>]

Hi,
I have installed snort on an Ubuntu machine. I have in /etc/snort a file
with DEBIAN_SNORT_INTERFACE="eth0" in it which results in snort starting at
boot with -i eth0 in its command-line. However, I want snort to startup on
boot to read from a fifo e.g. /tmp/eth0.fifo instead. Can someone assist to
show how to achieve this. I have a router sending all traffic to my Ubuntu
machine in TZSP . I have a program that strips of TZSP and dumps in pcap
format to a fifo /tmp/eth0.fifo and I want snort to use this traffic for
analysis instead of the Ubuntu machine's own eth0. Essentially I want the
-i eth0 replaced with -r /tmp/eth0.fifo but cannot figure out where in
snort's configs to do this.
Thanks

------------------------------------------------------------------------------
This SF.net email is sponsored by Windows:

Build for Windows Store.

http://p.sf.net/sfu/windows-dev2dev

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!